• 



Amendments to the Claims: 

This Usting of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 



1. (Previously presented) A method of administering registration of 
personal information in a data base in a manner tending to assure integrity of the 
personal information therein, the method comprising: 

a. obtaining, from each user with respect to whom data is to be placed in the 
data base, personal information of such user, the content of such personal 
information initially established by such user in an enrollment phase. 

b. also obtaining, from each such user, a first set of physiological identifiers 
associated with such user, the first set of physiological identifiers initially 
provided by such user in the enrollment phase; 

c. storing, in a digital storage medium, a data set pertinent to such user, the 
data set including such user's personal information and a representation of the 
physiological identifiers associated with such user; and 

d. permitting a subject to modify a user's personal information in the stored 
data set pertinent to such user only if (i) the subject provides a new set of 
physiological identifiers and (ii) it is determined, by recourse to the stored data 
set, that there is a sufficient match between at least one member in the new set 
and a corresponding member of the first set, so that the subject is authenticated 
as such user, 

2. (Previously presented) A method according to claim 1, further 
comprising obtaining from such user such user's medical information, wherein 
the data set includes such user's medical information, and permitting a subject to 
modify a user's medical information in the stored data set pertinent to such user 
only if (i) the subject provides a new set of physiological identifiers and (ii) it is 
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determined, by recourse to the stored data, set, that there is a sufficient match 
between at least one member in the new set and a corresponding member of the 
first set, so that the subject is authenticated as such user. 

3. (Original) A method according to claim 1, wherein the first set includes 
a plurality of members. 

4. (Previously presented) A method according to claim 1, wherein the 
first set of physiological identifiers includes the appearance of such user's face. 

5. (Previously presented) A method according to claim 1, wherein the 
first set of physiological identifiers includes characteristics of utterances of such 
user. 

6. (Previously presented) A method according to claim 1, wherein the 
first set of physiological identifiers includes a fingerprint of such user. 

7. (Previously presented) A method according to claim 1, wherein the 
first set of physiological identifiers includes the configuration of an iris in an eye 
of such user. 

8. (Previously presented) A method according to claim 1, wherein the 
first set includes at least one member selected from the group consisting of a 
fingerprint of such user and the configuration of an iris in an eye of such user 
and at least one member selected from the group consisting of characteristics of 
utterances of such user and the appearance of such user's face. 

9. (Previously presented) A method according to any of claims 1 and 2, 
wherein, pursuant to step (d), the subject is permitted to modify the user's 
information in the stored data set only if the subject provides the new set of 
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physiological identifiers under a condition permitting verification, independent 
of the physiological identifiers, that the new set is being provided by the person 
purporting to provide them. 

10. (Original) A method according to claim 9, wherein the condition 
includes the physical presence of the subject when providing the new set. 

11. (Original) A method according to claim 9, wherein the condition 
includes having the subject provide the new set when prompted to do so. 

12. (Original) A method according to claim 9, wherein the condition 
includes having the subject provide a non-physiological identifier. 

13. (Original) A method according to claim 12, wherein the non- 
physiological identifier is selected from the group consisting of a password and a 
pass card. 

14. (Previously presented) A method according to claim 12, wherein the 
non-physiological identifier is provided in the course of a session, over a 
computer network, employing a user's public and private keys. 

15. (Previously presented) A method according to claim 1, further 
comprising: 

prompting each user, on a periodic basis, to update the user's personal 
information in the data set pertinent to such user. 

16. (Previously presented) A method according to claim 1, further 
comprising: 



4 



obtaining a test set of physiological identifiers from a subject purporting 

to be a specific user; 

accessing information in the data set pertinent to the specific user; and 
determining if there is a sufficient match between at least one member in 

the test set and a corresponding physiological identifier represented in the data 

set. 

17. (Previously presented) A method for authenticating a user transaction, 
the method comprising: 

obtaining a test set of physiological identifiers from a subject purporting 
to be a specific user; 

accessing information in a first data set pertinent to the specific user 
stored in a registration data base, the data base containing information provided 
by multiple users in a separate data set for each user, each data set of a specific 
user including (i) personal information, of the specific user, that has been 
established by the specific user, and (ii) a representation of a first set of 
physiological identifiers, associated with the specific user, that has been 
provided by the specific user, the data base being maintained under conditions 
wherein modification by a subject of a user's personal information in a stored 
data set pertinent to the specific user is permitted only if (i) the subject provides a 
new set of physiological identifiers and (ii) it is determined, by recourse to the 
stored data set, that there is a sufficient match between at least one member in 
the new set and a corresponding member of the first set, so that the subject is 
authenticated as the specific user; and 

determining if there is a sufficient match between at least one member in 
the test set and a corresponding physiological identifier represented in the data 
set. 

18. (Previously presented) A method according to claim 17, wherein: 
the database is accessible via a server at a first location; 
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obtaining the test set of physiological identifiers is performed at a second 
location remote from the first location; 

determining if there is a sufficient match includes communicating with the 
server from the second location over a network. 

19. (Original) A method according to claim 18, wherein: 
obtaining the test set of physiological identifiers is performed under 

supervision of a merchant. 

20. (Original) A method according to claim 19, wherein: 
determining if there is a sufficient match is performed without revealing 

content of the first data set to the merchant. 

\ 

21. (Original) A method according to any of claims 18 through 20, 
wherein the transaction is a change of address for an account. 

22. (Original) A method according to any of claims 18 through 20, 
wherein the transaction is an application to open an accoimt. 

23. (Original) A method according to claim 21, wherein the account 
authorizes the transfer of funds. 

24. (Original) A method according to claim 22, wherein the account 
authorizes the transfer of funds. 

25. (Original) A method according to claim 21, wherein the account is 
based on the extension of credit to the account holder. 

26. (Original) A method according to claim 22, wherein the accoimt is 
based on the extension of credit to the account holder. 
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27. (Original) A method according to claim 18, wherein the transaction is 
an application to a government agency for one of a license and a renewal of a 
license. 

28. (Original) A method according to claim 18, wherein the transaction is 
an application to a government agency for one of an identification token and a 
renewal of an identification token. 

29. (Previously presented) A computer system comprising: 

a digital storage medium on which has been recorded a multi-user personal 
information data base, the data base comprising, for each specific user, a data set 
pertinent to the specific user, the data set including: 

(a) the specific user's personal information obtained from the specific 

user; 

(b) a representation of a first set of physiological identifiers associated 
with the specific user; and 

(c) the specific user's emergency information obtained from the 
specific user; and 

a computer process running in association with the storage medium to cause the 
storage medium to be maintained under conditions wherein modification by a 
subject of such personal and emergency information in a stored data set 
pertinent to the specific user is permitted only if (i) the subject provides a new set 
of physiological identifiers and (ii) it is determined, by recourse to the stored 
data set, that there is a sufficient match between at least one member in the new 
set and a corresponding member of the first set, so that the subject is 
authenticated as the specific user. 

30. (Previously presented) A system for updating a personal information 
database containing a data set for each one of multiple users, each data set 
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including a user's personal information and a representation of a first set of 
physiological identifiers associated with the user, the system comprising: 

a. a physiological identifier transducer having an output representing 
a physiological identifier associated with a subject; 

b. a user access authorization module, coupled to the physiological 
identifier transducer and to the database, for determining whether the output of 
the physiological identifier transducer sufficiently matches the representation of 
the first set of physiological identifiers, so that the subject is authenticated as the 
user; 

c. a user data set access module, coupled to the user access 
authorization module and to the database, for accessing the user data set, in the 
event that the user access authorization module has authenticated the subject as 
the user; and 

d. a user data set update module, coupled to the database, to the user 
data set access module, and to a user input, permitting the user to update such 
user's personal information in the corresponding data set in the database in the 
event that the user data set access module has provided access to the user data 
set. 

31. (Previously presented) A system for authenticating transactions, the 
system comprising: 

a. a multi-user personal information data base, the data base comprising, for 
each specific user, a data set pertinent to the specific user, the data set including: 

(i) personal information, of the specific user, that has been established by the 
specific user; 

(ii) a representation of a first set of physiological identifiers, associated with 
the specific user, that has been provided by the specific user; 

the data base being maintained vmder conditions wherein modification by a 
subject of a user's personal information in a stored data set pertinent to the 
specific user is permitted only if (i) the subject provides a new set of 
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physiological identifiers and (ii) it is deternuned, by recourse to the stored data 
set, that there is a sufficient match between at least one member in the new set 
and a corresponding member of the first set, so that the subject is authenticated 
as the specific user; 

b. a multiplicity of remotely distributed terrrunals in communication with 
the data base, each terminal including a physiological identifier transducer and a 
communication link with a merchant; and 

c. an authenticity checker, which determines whether there is a sufficient 
match between the output of a physiological identifier transducer attributable to 
a subject purporting to be a user and a physiological identifier in the first set. 

32. (Original) A system according to claim 28, wherein the first set 
includes a plurality of members. 

33. (Original) A system according to claim 28, wherein the first set 
includes at least one member selected from the group consisting of a fingerprint 
of the user and the configuration of an iris in an eye of the user and at least one 
member selected from the group consisting of characteristics of utterances of the 
user and the appearance of the user's face. 

34. (Previously presented) A method according to claim 1, wherein 
obtaining personal information of such user includes obtaining data pertairung 
to one or more merchants. 

35. (Previously presented) A method according to claim 1, wherein any 
financial information that may be in the data set is not limited to that of a 
particular banking or financial institution. 

36. (Previously presented) A method of administering personal 
information in a data base in a manner tending to assure integrity of data therein. 
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the data base being of a type wherein a stored data set is established for each 
user and there has been obtained from each user with respect to such data a first 
set of physiological identifiers associated with such user and included in the data 
set, the method comprising: 

a. obtaining from a subject seeking to modify information in the stored 
data set pertinent to such user a new set of physiological identifiers, and 

b. permitting the subject to modify such user's personal information in 
the stored data set only if it is determined, by recourse to the stored data set, that 
there is a sufficient match between at least one member in the new set and a 
corresponding member of the first set, so that the subject is authenticated as such 
user. 

37. (Previously presented) A method according to claim 36, wherein any 
financial information that may be in the stored data set is not limited to that of a 
particular banking or financial institution. 

38. (Previously presented) A method according to claim 36, wherein 
obtaining the new set of physiological identifiers and permitting the subject to 
modify the information in the stored data set are performed in a facility 
established for that purpose. 

39. (Previously presented) A method for authenticating a user transaction 
using a data base of a type wherein a stored data set is established for each 
potential user and there has been obtained from each potential user with respect 
to such data a first set of physiological idenhfiers associated with such potential 
user and included in the data set, the method comprising: 

administering the data base in a manner such that personal information in 
a stored data set pertinent to an individual may not be modified by a person 
purporting to be the individual unless there has been obtained a sufficient match 
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between at least one physiological identifier in the stored data set and a new 
physiological identifier obtained from the person; 

obtaining a test set of physiological identifiers from a subject purporting to be a 
specific user; 

accessing information in the data set pertinent to the specific user in the 
data base; and 

determining if there is a sufficient match between at least one member in 
the test set and a corresponding physiological identifier represented in the data 
set. 

40. (Previously presented) A method according to claim 39, wherein any 
financial information that may be in the stored data set is not limited to that of a 
particular banking or financial institution. 

41. (Previously presented) A method according to any of claims 1, 17, 36 
and 39, further comprising: 

retaining a representation of at least one of the new set of physiological 
identifiers, if there is an insufficient match. 

42. (Previously presented) A method according to claim 41, further 
comprising: 

providing access to the retained representation of the at least one of the 
new set of physiological identifiers by a law enforcement official. 

43. (Previously presented) A method according to any of claims 1 and 36, 
further comprising: 

permitting a third party of a specified kind to view but not modify the 
user's personal information in the stored data set without requiring such third 
party to provide a physiological identifier that sufficiently matches a 
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corresponding member of the first set of physiological identifiers stored in the 
data set. 

44. (Previously presented) A method according to claim 43, wherein the 
specified kind is a merchant. 

45. (Previously presented) A method according to claim 2, further 
comprising: 

permitting a third party of a specified kind to view but not modify the 
user's medical information in the stored data set without requiring such third 
party to provide a physiological identifier that sufficiently matches a 
corresponding member of the first set of physiological identifiers stored in the 
data set. 

46. (Previously presented) A method according to claim 45, wherein the 
specified kind is a health care provider. 

47. (Previously presented) A method according to any of claims 1 and 2, 
further comprising: 

providing, to each user, a token indicating that the user has provided 
information to the data base. 

48. (Previously presented) A method according to claim 47, wherein the 
token comprises a card. 

49. (Previously presented) A method according to claim 47, wherein the 
token includes an identifier that, when presented to the data base by a third 
party, enables such third party to access but not modify the user's information in 
the data base. 
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50. (Previously presented) A method according to claim 49, wherein the 
identifier comprises: 

a record number identifying the data set pertinent to such user. 
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